Seminar by Marcin Nawrocki

Title: Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs

Abstract:
Large Distributed Denial-of-Service (DDoS) attacks pose a major threat not only to end systems but also to the Internet infrastructure as a whole. Remote Triggered Black Hole filtering (RTBH) has been established as a tool to mitigate inter-domain DDoS attacks by discarding unwanted traffic early in the network, e.g., at Internet eXchange Points (IXPs). As of today, little is known about the kind and effectiveness of its use, and about the need for more fine-grained filtering. In this paper, we present the first in-depth statistical analysis of all RTBH events at a large European IXP by correlating measurements of the data and the control plane for a period of 104 days. We identify a surprising practice that significantly deviates from the expected mitigation use patterns. First, we show that only one-third of all 34k visible RTBH events correlate with indicators of DDoS attacks. Second, we witness over 2000 blackhole events announced for prefixes not of servers but of clients situated in DSL networks. Third, we find that blackholing on average causes dropping of only 50\% of the unwanted traffic and is hence a much less reliable tool for mitigating DDoS attacks than expected. Our analysis gives also rise to first estimates of the collateral damage caused by RTBH-based DDoS mitigation

Bio:
Marcin Nawrocki is a PhD student in computer science and a research assistant at Freie Universität Berlin, advised by Matthias Wählisch. He received his Master’s degree in computer science in 2016, also at the Freie Universität Berlin. He supports the Internet Technologies Lab with a special focus on securing the Internet infrastructure, including attack detection and prevention.